
German police yesterday raided the home of the developer of OmniRAT and seized his laptop, desktop computer and mobile phones, probably as part of an investigation into a recent cyber attack, a source told The Hacker News.

OmniRAT made headlines in November 2015 when its developer launched it as a legitimate remote administration tool for IT experts and companies to manage their devices with explicit permissions.

Sold for between $25 and $100, OmniRAT quickly became one of the most popular remote administration tools, letting users monitor Android, Windows, Linux and Mac devices remotely and access all of the information available on them.

However, as with other remote administration tools such as DroidJack, DarkComet, AndroRAT and njRAT, some OmniRAT customers used the tool for illicit purposes, not least because it was far cheaper than other RATs on the market.

In one such incident earlier this year, a group of hackers targeted several industries by exploiting an old Microsoft Excel vulnerability (CVE-2016-7262) in a malicious spreadsheet that ultimately installed OmniRAT on the victims' computers.

According to the security researcher who reported the incident in January, the attackers used a malformed Excel sheet disguised as a business profile of "Kuwait Petroleum Corporation (KPC)" to lure victims into opening the attachment.

Although Kuwait Petroleum Corporation was not itself targeted by the malware, another anonymous source told The Hacker News that almost two months ago, lawyers representing the oil company began emailing the registrar through which OmniRAT's official domain was registered, demanding that it disclose the identity of the domain owner and citing GDPR and ICANN rules on WHOIS data.